Security Requirements Engineering for Evolving Software Systems: A Survey
نویسندگان
چکیده
Long-lived software systems often undergo evolution over an extended period. Evolution of these systems is inevitable as they need to continue to satisfy changing business needs, new regulations and standards, and introduction of novel technologies. Such evolution may involve changes that add, remove, or modify features; or that migrate the system from one operating platform to another. These changes may result in requirements that were satisfied in a previous release of a system not being satisfied in subsequent versions. When evolutionary changes violate security requirements, a system may be left vulnerable to attacks. In this paper we review current approaches to security requirements engineering and conclude that they lack explicit support for managing the effects of software evolution. We then suggest that a cross fertilisation of the areas of software evolution and security engineering would address the problem of maintaining compliance to security requirements of software systems as they evolve. DOI: 10.4018/978-1-4666-1580-9.ch007
منابع مشابه
Towards Maintaining Long-Living Information Systems by Incorporating Security Knowledge
Modern information systems are increasingly complex and need to operate in evolving environments. As a consequence, systems must co-evolve to keep up-todate with their environments. This is especially important for security properties, since changes and patches tend to compromise them. We propose a security assessment approach for natural language requirements for systematic co-evolution. Our e...
متن کاملMaintaining Security Requirements of Software Systems Using Evolving Crosscutting Dependencies
1 Centre for Research in Computing, The Open University, United Kingdom 2 Lero – The Irish Software Engineering Research Centre, Ireland Abstract Security requirements are concerned with protecting assets of a system from harm. Implemented as code aspects to weave protection mechanisms into the system, security requirements need to be validated when changes are made to the programs during syste...
متن کاملSpecial issue: The future of software engineering for security and privacy
The scale of misuse of mission-critical assets manipulated by computer-based systems has increased, because of their worldwide accessibility through the Internet and the automation of systems. Security is concerned with the prevention of such misuse. The systematic development of software that considers security risks and threats explicitly is increasingly recognized as critical to improving ov...
متن کاملSurvey on Security Measures of Software Requirement Engineering
Software engineering concerns with wide use of engineering principles to achieve cost-effective software with potentiality to function on real machines. Requirement engineering in software development is more crucial. Everyone agrees that security is difficult. The requirements engineering principles are framed based on an idea that would engage the community overcoming complex problems. Securi...
متن کاملA framework to support selection of cloud providers based on security and privacy requirements
Cloud Computing is an evolving paradigm that is radically changing the way humans store, share and access their digital files. Despite the many benefits, such as the introduction of a rapid elastic resource pool, and on-demand service, the paradigm also creates challenges for both users and providers. In particular, there are issues related to security and privacy, such as unauthorized access, ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IJSSE
دوره 1 شماره
صفحات -
تاریخ انتشار 2010